The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of VMware ESXi

computer vulnerability announcement CVE-2017-4933 CVE-2017-4940 CVE-2017-4941

VMware ESXi, vCenter Server Appliance, Workstation: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of VMware ESXi, vCenter Server Appliance and Workstation.
Impacted products: ESXi, vCenter Server, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: user access/rights, client access/rights, denial of service on server, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 20/12/2017.
Identifiers: CERTFR-2017-AVI-480, CVE-2017-4933, CVE-2017-4940, CVE-2017-4941, CVE-2017-4943, TALOS-2017-0368, TALOS-2017-0369, VIGILANCE-VUL-24847, VMSA-2017-0021.

Description of the vulnerability

An attacker can use several vulnerabilities of VMware ESXi, vCenter Server Appliance and Workstation.

computer vulnerability CVE-2017-4925

VMware ESXi/Workstation: denial of service via Guest RPC

Synthesis of the vulnerability

An attacker can generate a fatal error via Guest RPC of VMware ESXi/Workstation, in order to trigger a denial of service.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 15/09/2017.
Identifiers: CERTFR-2017-AVI-304, CVE-2017-4925, VIGILANCE-VUL-23845, VMSA-2017-0015.

Description of the vulnerability

An attacker can generate a fatal error via Guest RPC of VMware ESXi/Workstation, in order to trigger a denial of service.

vulnerability note CVE-2017-4924

VMware ESXi/Workstation: memory corruption via SVGA

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a memory corruption via SVGA of VMware ESXi/Workstation, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: ESXi, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 15/09/2017.
Identifiers: CERTFR-2017-AVI-304, CVE-2017-4924, VIGILANCE-VUL-23844, VMSA-2017-0015, VMSA-2017-0015.1, ZDI-17-738.

Description of the vulnerability

An attacker, inside a guest system, can generate a memory corruption via SVGA of VMware ESXi/Workstation, in order to trigger a denial of service, and possibly to run code on the host system.

computer vulnerability note CVE-2017-4902 CVE-2017-4903 CVE-2017-4904

VMware ESXi, Workstation: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of VMware ESXi and Workstation.
Impacted products: ESXi, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 29/03/2017.
Revision date: 31/03/2017.
Identifiers: CERTFR-2017-AVI-093, CVE-2017-4902, CVE-2017-4903, CVE-2017-4904, CVE-2017-4905, VIGILANCE-VUL-22279, VMSA-2017-0006, ZDI-17-235, ZDI-17-236, ZDI-17-237, ZDI-17-238, ZDI-17-239.

Description of the vulnerability

Several vulnerabilities were announced in VMware ESXi and Workstation.

An attacker can generate a memory corruption via the SVGA video card emulation, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-4902, CVE-2017-4903, ZDI-17-235, ZDI-17-236, ZDI-17-237]

An attacker can generate a memory corruption via the HCI controller, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-4904, ZDI-17-239]

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:1/4; CVE-2017-4905, ZDI-17-238]

vulnerability note CVE-2015-5191

VMware Tools: privilege escalation via libDeployPkg

Synthesis of the vulnerability

An attacker can bypass restrictions via libDeployPkg of VMware Tools, in order to escalate his privileges.
Impacted products: Fedora, openSUSE Leap, ESXi, VMware vSphere Hypervisor.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 20/02/2017.
Identifiers: CVE-2015-5191, FEDORA-2017-08ec8b6dc4, FEDORA-2017-4b4154d6f6, openSUSE-SU-2017:0509-1, openSUSE-SU-2017:0827-1, VIGILANCE-VUL-21884, VMSA-2017-0013.

Description of the vulnerability

An attacker can bypass restrictions via libDeployPkg of VMware Tools, in order to escalate his privileges.

vulnerability CVE-2016-7463

VMware ESXi: Cross Site Scripting via Host Client

Synthesis of the vulnerability

An attacker can trigger a stored Cross Site Scripting via Host Client of VMware ESXi, in order to run JavaScript code in the context of the web site.
Impacted products: ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 21/12/2016.
Identifiers: CERTFR-2016-AVI-425, CVE-2016-7463, VIGILANCE-VUL-21430, VMSA-2016-0023.

Description of the vulnerability

The VMware ESXi product offers a web service.

However, it does not filter data received via Host Client before storing it and then inserting it into generated HTML documents.

An attacker can therefore trigger a stored Cross Site Scripting via Host Client of VMware ESXi, in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2016-5330 CVE-2016-5331

VMware: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of VMware.
Impacted products: ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: user access/rights, client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 05/08/2016.
Revision dates: 09/08/2016, 20/09/2016.
Identifiers: CERTFR-2016-AVI-265, CVE-2016-5330, CVE-2016-5331, SFY20151201, SYSS-2016-063, VIGILANCE-VUL-20326, VMSA-2016-0010.

Description of the vulnerability

Several vulnerabilities were announced in VMware.

An attacker can use a malicious vmhgfs.dll DLL via the VMware Tools "Shared Folders" feature (component VMware Host Guest Client Redirector), in order to run code. [severity:2/4; CVE-2016-5330, SFY20151201]

An attacker can inject an HTTP header, in order to trigger a Cross Site Scripting or a redirection. [severity:2/4; CVE-2016-5331, SYSS-2016-063]

vulnerability note CVE-2016-7079 CVE-2016-7080

VMware ESXi: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of VMware ESXi.
Impacted products: ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/09/2016.
Identifiers: CERTFR-2016-AVI-313, CVE-2016-7079, CVE-2016-7080, VIGILANCE-VUL-20604, VMSA-2016-0014, VMSA-2016-0014.1.

Description of the vulnerability

Several vulnerabilities were announced in VMware ESXi.

An attacker can force a NULL pointer to be dereferenced via VMware Tools, in order to trigger a denial of service. [severity:1/4; CVE-2016-7079]

An attacker can force a NULL pointer to be dereferenced via VMware Tools, in order to trigger a denial of service. [severity:1/4; CVE-2016-7080]

computer vulnerability alert CVE-2015-7547

glibc: buffer overflow of getaddrinfo

Synthesis of the vulnerability

An attacker who owns a malicious DNS server can reply with long data to a client application using the glibc getaddrinfo() function, in order to trigger a denial of service, and possibly to run code in the client application.
Impacted products: ArubaOS, Blue Coat CAS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco Catalyst, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Cisco Prime DCNM, Secure ACS, Cisco CUCM, Cisco IP Phone, Cisco Wireless IP Phone, Cisco Wireless Controller, XenDesktop, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, ExtremeXOS, BIG-IP Hardware, TMOS, Fedora, QRadar SIEM, Trinzic, NSM Central Manager, NSMXpress, McAfee Email Gateway, McAfee MOVE AntiVirus, VirusScan, McAfee Web Gateway, openSUSE, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, RealPresence Distributed Media Application, Polycom VBP, RHEL, ROX, RuggedSwitch, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity: 4/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 16/02/2016.
Revision date: 17/02/2016.
Identifiers: 046146, 046151, 046153, 046155, 046158, 1977665, 478832, 479427, 479906, 480572, 480707, 480708, ARUBA-PSA-2016-001, BSA-2016-003, BSA-2016-004, CERTFR-2016-AVI-066, CERTFR-2016-AVI-071, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cisco-sa-20160218-glibc, CTX206991, CVE-2015-7547, ESA-2016-020, ESA-2016-027, ESA-2016-028, ESA-2016-029, ESA-2016-030, FEDORA-2016-0480defc94, FEDORA-2016-0f9e9a34ce, JSA10774, KB #4858, openSUSE-SU-2016:0490-1, openSUSE-SU-2016:0510-1, openSUSE-SU-2016:0511-1, openSUSE-SU-2016:0512-1, PAN-SA-2016-0021, RHSA-2016:0175-01, RHSA-2016:0176-01, RHSA-2016:0225-01, SA114, SB10150, SOL47098834, SSA:2016-054-02, SSA-301706, SUSE-SU-2016:0470-1, SUSE-SU-2016:0471-1, SUSE-SU-2016:0472-1, SUSE-SU-2016:0473-1, USN-2900-1, VIGILANCE-VUL-18956, VMSA-2016-0002, VMSA-2016-0002.1, VN-2016-003.

Description of the vulnerability

The glibc library implements a DNS resolver (libresolv).

An application can thus call the getaddrinfo() function, which queries DNS servers. When the AF_UNSPEC type is used in the getaddrinfo() call, two DNS queries (A and AAAA) are sent simultaneously. However, this special case, and a case with AF_INET6, are not handled correctly, and lead to an overflow if the reply coming from the DNS server is larger than 2048 bytes.

An attacker who owns a malicious DNS server can therefore reply with large data to a client application using the glibc getaddrinfo() function, in order to trigger a denial of service, and possibly to run code in the client application.

vulnerability note CVE-2015-6933

VMware ESXi, Player, Workstation: memory corruption via HGFS

Synthesis of the vulnerability

An attacker can generate a memory corruption in HGFS of VMware ESXi, Player or Workstation, in order to trigger a denial of service, and possibly to run privileged code on Windows.
Impacted products: ESXi, VMware Player, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 08/01/2016.
Identifiers: CERTFR-2016-AVI-005, CVE-2015-6933, VIGILANCE-VUL-18664, VMSA-2016-0001.

Description of the vulnerability

The VMware ESXi, Player and Workstation products offer VMware Tools, which run inside the guest system.

However, an attacker in a Windows guest system can trigger a memory corruption in the "Shared Folders" (HGFS) feature, in order to escalate his privileges in the guest system.

An attacker can therefore generate a memory corruption in HGFS of VMware ESXi, Player or Workstation, in order to trigger a denial of service, and possibly to run privileged code on Windows.